121 matches found
The vulnerability of the Datagram TLS implementation in microprogramming-based network interface controllers from Cisco Adaptive Security Appliances (ASA) and Cisco Firepower Threat Defense (FTD) allows attackers to induce service failures.
The vulnerability of the Datagram TLS implementation in Cisco Adaptive Security Appliances ASA and Cisco Firepower Threat Defense FTD lies in insufficient data authentication. Exploiting this vulnerability allows a malicious actor to induce service failure through specially created DTLS traffic...
CVE-2022-29491
On F5 BIG-IP LTM, Advanced WAF, ASM, or APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5, 14.1.x versions prior to 14.1.4.6, and all versions of 13.1.x, 12.1.x, and 11.6.x, when a virtual server is configured with HTTP, TCP on one side client/server, and DTLS on the other...
Eclipse TinyDTLS encryption issue vulnerability
Eclipse TinyDTLS is a library for Datagram Transport Layer Security DTLS.Eclipse TinyDTLS is vulnerable to an encryption issue that could be exploited by an attacker to compute a key to decrypt DTLS communications...
Datagram Transport Layer Security (DTLS) Protocol Detection
Detection of services supporting the Datagram Transport Layer Security DTLS protocol. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Attackers Abusing Citrix NetScaler Devices to Launch Amplified DDoS Attacks
Citrix has issued an emergency advisory warning its customers of a security issue affecting its NetScaler application delivery controller ADC devices that attackers are abusing to launch amplified distributed denial-of-service DDoS attacks against several targets. "An attacker or bots can overwhe...
DTLS Service Detection
Nessus was able to detect that the remote service supports DTLS Datagram Transport Layer Security by sending a ClientHello and receiving a HelloVerifyRequest reply. TRUSTED...
UBUNTU-CVE-2020-24585
An issue was discovered in the DTLS handshake implementation in wolfSSL before 4.5.0. Clear DTLS applicationdata messages in epoch 0 do not produce an out-of-order error. Instead, these messages are returned to the application...
Zephyr Trust Management Issues Vulnerabilities
Zephyr is an open source, small, scalable real-time operating system from the Linux Foundation. A trust management issue vulnerability exists in the UpdateHub module in Zephyr 2.1.0 and later fixed in version 2.2.0, which stems from the program disabling DTLS peer checking. An attacker could use...
INSIDE Secure MatrixSSL Buffer Overflow Vulnerability (CNVD-2020-22363)
INSIDE Secure MatrixSSL is an embedded, open source SSLv3 stack from INSIDE Secure, France, designed for small applications and devices. INSIDE Secure MatrixSSL suffers from a buffer overflow vulnerability that stems from the DTLS server not properly handling incoming network messages. An attacke...
openssl: Padding oracle in AES-NI CBC MAC check
It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when the connection used the AES CBC cipher suite and the server supported AES-NI. A remote attacker could possibly use this flaw to retrieve plain text from encrypted packets by...
The vulnerability of the OpenSSL library, which allows a hacker to trigger a service failure
The vulnerability of the Anti-Replay function in the DTLS library of OpenSSL is related to the incorrect use of large port numbers. Exploiting this vulnerability can allow a malicious actor, operating remotely, to cause service failures using fake DTLS records...
The vulnerability of the OpenSSL software allows a malicious attacker to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability exists in the function dtls1reassemblefragment in d1both.c in OpenSSL, due to an improper check of the length of fragments in DTLS ClientHello messages. Exploiting this vulnerability allows a remote attacker to execute arbitrary code or cause a service failure buffer overflow an...
The vulnerability of Cisco IPS software allows a malicious actor to trigger a service failure.
The vulnerability in the dtls1getmessagefragment function in d1both.c of OpenSSL allows malicious actors to induce a service failure recursion and abnormal client termination by using the DTLS hello message in an invalid manner...
The vulnerability of the Cisco Unified Communications Manager software allows a malicious actor to execute arbitrary code.
The vulnerability exists in the function dtls1reassemblefragment in d1both.c in OpenSSL, due to an improper check of the length of fragments in DTLS ClientHello messages. Exploiting this vulnerability allows a remote attacker to execute arbitrary code or cause a service failure buffer overflow an...
Amazon Linux: Security Advisory (ALAS-2012-38)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
The vulnerability of the OpenSSL library, which allows a hacker to trigger a service failure
The vulnerability of the dtls1listen function in the OpenSSL library is related to pointer dereferencing errors. Exploiting this vulnerability could allow a malicious actor to cause service failure by generating DTLS traffic due to incorrect isolation of independent data streams...
OpenSSL dtls1_clear_queues Function Denial of Service Vulnerability
OpenSSL is an open source implementation of SSL used to enable strong encryption of network communications and is now widely used in a variety of web applications. A security vulnerability exists in the 'dtls1clearqueues' function in OpenSSL's ssl/d1lib.c file due to the failure of the program to...
PT-2015-1683 · Openssl +1 · Openssl +3
Name of the Vulnerable Software and Affected Versions: OpenSSL versions 1.0.2 through 1.0.2a excluding 1.0.2a Description: The issue is related to the dtls1 listen function in OpenSSL, which does not properly isolate state information of independent data streams. This can be exploited by a remote...
openssl: SRTP memory leak causes crash when using specially-crafted handshake message
A memory leak flaw was found in the way OpenSSL parsed the DTLS Secure Real-time Transport Protocol SRTP extension data. A remote attacker could send multiple specially crafted handshake messages to exhaust all available memory of an SSL/TLS or DTLS server...
openssl: DTLS memory exhaustion
A flaw was discovered in the way OpenSSL handled DTLS packets. A remote attacker could use this flaw to cause a DTLS server or client using OpenSSL to crash or use excessive amounts of memory...